Block common WordPress attacks
This article will explain how to block common brute force attacks on WordPress systems.
There are two files that are frequently used for these attacks:
To stop a xmlrpc attack, we recommend that you install the Disable XML-RPC plugin and add the following code to your .htaccess file:
Deny from all
To stop a wp-login.php attack, we recommend that you install the Limit Login Attempts Reloaded plugin and add the following code to your .htaccess file:
allow from xx.xxx.xx.xxx
deny from all
This will ensure that only people with a specific IP address can access your WordPress login page. Be sure to change xx.xxx.xx.xxx to your IP address.